News Adobe flaw leads to Trojan attack

http://www.bit-tech.net/news/bits/2009/07/26/adobe-flaw-leads-to-trojan-attack/1

 

Presumably those people using FlashBlock will have an extra layer of protection also?

 

Good thing I use Foxit Reader.

 

I'm not amazed. Microsoft ignored critical IE bugs for months which it's now only getting around to fixing so why should Adobe be any different? While the non-profit Mozilla Foundation can fix critical JavaScript flaws within days and confirm the existence or not of further bugs over a weekend, it doesn't surprise me that a couple of the big, for-profit corporations are tardy with the unprofitable parts of their customer support, viz. providing patches for free.

 

I use Foxit as well. Nice program if you can stomach all the ads and stuff they try to shove down your throat when you install it.

Seriously, the solution is stop using Adobe's shitty programs, and stop giving them money. They produce good software when it comes to functionality and design, but it is almost always buggy and has tons of security vulnerabilities, and they have a very slow response rate in fixing those issues. One wonders why something like Flash needs to open up so many holes to the operating system to begin with.

 

I'm looking at the Secunia advisory page for IE8 and it's only affected by one unpatched bug rated "Less critical". I don't know if all of the bugs from past IE versions are a problem in the latest version, in which case IE would be terribly insecure. Simple solution? Use another browser!
I think MS is slower to patch because they have to test more thoroughly, seeing as IE is an integral part of Windows (especially on XP) and they can't go around breaking things. Firefox on the other hand is just a 3rd party program and fixes don't have to be tested quite as much (also they have had to push out updates to fix something the last one broke).

 

Vulnerabilities in flash are why I started using Flashblock ( didn't work, as some code still gets executed?) and eventually No Script. I feel bad for blocking the advertisements for the sites I enjoy, but the web is just too dangerous now a days.

I never found any discussion/acknowledgedment of the original vulnerabilities (early Flash 9) so I'm certainly not surprised that more exist

 

The vuln relates to IE operating on XP.
The vuln was originally reported on December 13, 2007.
Microsoft said they'd fixed it on July 14, 2009 and that fix was only a partial fix, with - what we're told is a complete fix - coming out this week.
18 months is one hell of a test cycle for a single vuln.
IE6 and IE7 account for over a third of web browsers. Back in December 2007 over 50% of users were using IE6 and IE7, so at least a third of internet users have been vulnerable for a period of over 18 months.
Less than 1 in 10 internet users currently use IE8.
IE8 was only officially released in March of this year so it does not surprise me that there are few reported vulns or exploits for it. The source code is not available for public viewing.
FF is the most popular browser in use today.
I'm not aware of any updates that have been issued to fix a problem with a previous update. Perhaps you could provide a link?
I totally agree that another browser should be used but you don't ever see that suggestion in Microsoft's official advisories .

 

What adverts does it block? I personally think flash adverts should burn in hell for all eternity, not everyone has uber fast CPU's to give spare clocks to flash adverts
I use Adblock Plus, Flashblock and noscript for an all round fast browsing experience

Who actually uses adobe reader? Seriously it's just a pile of bloatware, I don't wanna wait minutes for my damn PDF to load up! I can understand if you have the version that creates PDF files but it's crap for PDF viewing, Sumatra PDF Cheesecake

 

+1 for firefox users with no script ^__^

 

NoScript pwns again.

For those of you saying Foxit et al are the best alternatives, they have been hit by the same vulnerabilities as Adobe in the past.
Specifically the JS bug a few months back.
So while I agree that Foxit is better than Adobe's PDF viewer and likely to have less security issues due to a smaller user-base if nothing else, its not a blanket solution for security risks.

 

For those that still think MS is slower to patch because they have to test more thoroughly:

Not so thorough on this occasion: Microsoft 'update' breaks Office for Mac